Posted
by
samzenpus
on Wednesday December 07, 2011 @04:53PM
from the bugs-everywhere dept.

itwbennett writes "Antivirus firm Sophos acquired a passel of USB sticks lost by commuters on trains in the Greater Sydney metro area at an auction organized by the Rail Corporation New South Wales. The company analyzed 50 USB sticks and found that not a single one was encrypted and 33 of them were infected with at least one type of malware."

The whole point of portable USB sticks is to access your data from strange computers. Plugging an encrypted USB stick into a strange computer completely defeats the point of the encryption. None of my USB sticks are encrypted; they don't need to be because they have no personal information on them.

.. they were lost by the 10% of commuters stupid enough to lose an USB stick.

Why is this modded troll? Is it unreasonable to assume there might be some correlation between those people who are less careful with possessions and those who are less careful about encryption/malware, etc.? I'm not suggesting that it is impossible for a very careful person to drop something or have it fall through an unknown hole in the pocket, but at the same time, I don't think it is unreasonable to suspect that a population of those who left their USB sticks on the subway aren't necessarily perfectly representative of the population of USB stick users as a whole.

This isn't lost USB sticks - this is USB sticks that were lost and weren't reclaimed long enough to end up in a transit authority auction.

Auctioning these thing seems the height of irresponsibility. I wonder what legal ramifications there are for the Rail Corporation in releasing private information, (even if accidentally lost) to total strangers.

From TFA:

he Sophos researchers found personal information belonging to the former owners of the devices, as well as their families, friends and colleagues. The recovered files included images, documents, source code, audio files, video files, XML files and even AutoCAD drawings.

None of these (256 meg to 8 Gig) were so valuable that their destruction would have been considered a huge waste, and the potential damage to the forgetful owner could be massive. You would think that the LEAST they could do was format them, which itself is far from fool proof. But releasing them intact just seems dumb, even if not illegal.

he Sophos researchers found personal information belonging to the former owners of the devices, as well as their families, friends and colleagues. The recovered files included images, documents, source code, audio files, video files, XML files and even AutoCAD drawings.

most lost USB sticks are being handed into lost property rather than being plugged into computers by users.

100% of items handed in, have been handed in -- what a surprise! How do they track lost items that were not handed in? This is as accurate as Gracie Allen's telephone poll -- 100% of people she phoned, had a phone.